Bypassing antivirus software involves changing or encrypting the contents of a known malicious file so that its binary structure changes. Once that structure is altered, the signature the antivirus holds for the original file no longer matches, and the new structure may fool the antivirus into ignoring the file. Depending on the type and quality of the antivirus software being tested, a bypass can sometimes be achieved simply by changing a couple of harmless strings inside the binary from lowercase to uppercase. Because different antivirus products use different signatures and technologies to detect malware, it is usually difficult to find a universal solution that bypasses all of them; getting past AV in a test environment is often trial and error. That said, Kali ships several tools that can help.

The examples below are the old way, using msfpayload and msfencode. These days we use msfvenom. The book should show this with up-to-date syntax.

Software protection tools and executable crypters are most commonly used by software vendors to obfuscate and license binaries, to prevent reverse-engineering attempts by software pirates. The same tools are effective at obfuscating malware and can often help it avoid antivirus detection. One such open-source crypter, Hyperion, is present on Kali.

For this example, we have copied over our best-performing payload and called it backdoor.exe.
We have then copied Hyperion from the Windows binaries directory into the same folder as backdoor.exe:
#cp /usr/share/windows-binaries/Hyperion-1.0.zip .
#unzip Hyperion-1.0.zip
#cd Hyperion-1.0

Once extracted, I cross-compile the Hyperion source code to create a Windows executable.

NOTE: The syntax below is old; the example at the end of this section is up to date. I need to reference what I did in earlier modules to get the right details to run MinGW.
hyperion-1.0#i586-mingw32msvc-g++ Src/Crypter/*.cpp -o hyperion.exe

Invoke the Windows executable under Wine and use it to protect the Meterpreter reverse shell:
hyperion-1.0#wine hyperion.exe ../backdoor.exe ~/Desktop/crypted

The file has now been encrypted and protected, and its detection rate has been halved.
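What a defender sees on the other side of this step, as an added example that is not from the page or from the Hyperion project: a crypter changes the file's signature, but the encrypted payload it leaves behind has near-maximal byte entropy, which is one heuristic scanners use to flag packed or crypted binaries. The window size, threshold and sample bytes below are assumptions and a constructed stand-in, not a real executable.

```python
import math
import random
from collections import Counter

WINDOW = 1024            # bytes scanned per window (assumed value)
ENTROPY_THRESHOLD = 7.2  # bits/byte; code and text rarely exceed ~6.5, ciphertext sits near 8

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of the buffer (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def high_entropy_regions(blob: bytes, window: int = WINDOW,
                         threshold: float = ENTROPY_THRESHOLD):
    """Scan blob in fixed windows and return merged (start, end) byte ranges whose
    entropy is at or above threshold, i.e. candidate encrypted/packed regions."""
    regions = []
    for off in range(0, len(blob), window):
        chunk = blob[off:off + window]
        if len(chunk) < window // 2:      # skip a short tail that would skew the estimate
            continue
        if shannon_entropy(chunk) >= threshold:
            if regions and regions[-1][1] == off:   # extend the contiguous region
                regions[-1] = (regions[-1][0], off + len(chunk))
            else:
                regions.append((off, off + len(chunk)))
    return regions

def build_sample() -> bytes:
    """Constructed stand-in for a crypted executable: 4 KiB of low-entropy
    code-like text, 8 KiB of deterministic pseudo-random bytes standing in for
    the encrypted payload, then 2 KiB of zero padding. Not a real PE file."""
    pattern = b"push ebp; mov ebp, esp; call 0x401000; ret\n"
    prefix = (pattern * (4096 // len(pattern) + 1))[:4096]
    rng = random.Random(1)                # fixed seed keeps the sample reproducible
    payload = bytes(rng.getrandbits(8) for _ in range(8192))
    suffix = b"\x00" * 2048
    return prefix + payload + suffix

if __name__ == "__main__":
    for start, end in high_entropy_regions(build_sample()):
        print(f"high-entropy region: 0x{start:x}-0x{end:x} ({end - start} bytes)")
```

Run against a real file, the same scan reports which offsets carry the encrypted blob; a loader stub followed by one large high-entropy region is the typical crypter profile.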